CVE-2022-31216

Name of the Vulnerable Software and Affected Versions ABB Automation Builder Drive Composer (affected versions not specified)

Description The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does not already exist. Additionally, the Drive Composer installer file permits a low-privileged user to perform a "repair" operation on the product.

Recommendations For Drive Composer, consider restricting access to the installer file to prevent low-privileged users from running the "repair" operation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.